Configuring multicast stream limits
Limit the number of multicast streams to protect the CPU from multicast data packet bursts generated by malicious applications, such as viruses that cause the CPU to reach 100 percent utilization or that prevent the CPU from processing protocol packets or management requests. If more than a certain number of multicast streams ingress to a CPU through a port during a sampling interval, the port shuts down until you take appropriate action.
About this task
You can enable or disable the mroute stream limit for the entire device or for individual ports when the switch is operating. If you enable the mroute stream limit for the device and for an individual port, only the periodic check is performed for that port.
Procedure
Example
```
Switch:1(config)#ip mroute stream-limit
Switch:1(config)#interface gigabitethernet 3/6
Switch:1(config-if)#ip mroute stream-limit
Switch:1(config-if)#ip mroute max-allowed-streams 1000 max-allowed-streams-timer-check 20
```
Variable definitions
Use the data in the following table to use the interface command.
| Variable | Value |
|---|---|
| <1-4059> | Specifies the VLAN ID in the range of 1 to 4059. By default, VLAN IDs 1 to 4059 are configurable and the system reserves VLAN IDs 4060 to 4094 for internal use. On switches that support the vrf-scaling and spbm-config-mode boot configuration flags, if you enable these flags, the system also reserves VLAN IDs 3500 to 3998. VLAN ID 1 is the default VLAN and you cannot create or delete VLAN ID 1. |
| {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} | Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port. |
Use the data in the following table to use the ip mroute command.
| Variable | Value |
|---|---|
| max-allowed-streams <1–32768> | Configures the maximum number of streams on the specified port. The port is shut down if the number of streams exceeds this limit. The value is a number between 1–32768. The default value is 1984 streams. To configure this option to the default value, use the default operator with the command. |
| max-allowed-streams-timer-check <1–3600> | Configures the sampling interval, which checks if the number of ingress multicast streams to the CPU is under a configured limit or if the port needs to shut down. The range is between 1–3600. The default value is 10 seconds. To configure this option to the default value, use the default operator with the command. |
Job aid
The following message appears if the system shuts down the port due to excessive multicast streams:
Shutdown port <port> due to excessive multicast streams <# of streams ingressed>; Configured limit max streams <configured limit> in <configured sampling interval> sec. Please disable and re-enable the port.
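The shutdown message above can be matched in collected syslog to find ports that tripped the stream limit and how far they exceeded it. The following Python is an added example, not vendor code; the rendering of each placeholder (port as slot/port[/sub-port], decimal counts), the log prefix and the sample lines are constructed assumptions.

```python
import re

# Pattern built from the message template in the job aid. How the switch renders
# each placeholder (slot/port[/sub-port], decimal integers) is an assumption.
SHUTDOWN_RE = re.compile(
    r"Shutdown port (?P<port>\d+/\d+(?:/\d+)?) due to excessive multicast streams "
    r"(?P<seen>\d+); Configured limit max streams (?P<limit>\d+) "
    r"in (?P<interval>\d+) sec\."
)

# Constructed sample input: timestamps, host name and the unrelated line are invented.
SAMPLE_LOG = """\
2024-05-01T10:15:02Z Switch1 Shutdown port 3/6 due to excessive multicast streams 1450; Configured limit max streams 1000 in 20 sec. Please disable and re-enable the port.
2024-05-01T10:15:09Z Switch1 unrelated constructed log line
2024-05-01T11:40:31Z Switch1 Shutdown port 1/2/1 due to excessive multicast streams 2100; Configured limit max streams 1984 in 10 sec. Please disable and re-enable the port.
2024-05-01T12:05:44Z Switch1 Shutdown port 3/6 due to excessive multicast streams 5200; Configured limit max streams 1000 in 20 sec. Please disable and re-enable the port.
"""

def parse_shutdowns(text):
    """Return one dict per stream-limit shutdown message found in text."""
    events = []
    for line in text.splitlines():
        m = SHUTDOWN_RE.search(line)
        if not m:
            continue  # not a stream-limit shutdown message
        seen, limit = int(m["seen"]), int(m["limit"])
        events.append({
            "port": m["port"],
            "seen": seen,
            "limit": limit,
            "interval_sec": int(m["interval"]),
            "overshoot": round(seen / limit, 2),  # streams seen / configured limit
        })
    return events

def repeat_offenders(events, min_events=2):
    """Ports shut down at least min_events times: candidates for host investigation."""
    counts = {}
    for e in events:
        counts[e["port"]] = counts.get(e["port"], 0) + 1
    return sorted(p for p, n in counts.items() if n >= min_events)

if __name__ == "__main__":
    evs = parse_shutdowns(SAMPLE_LOG)
    for e in evs:
        print(e)
    print("repeat offenders:", repeat_offenders(evs))
```

A port that appears repeatedly indicates the attached host is still generating the burst after the port was re-enabled, so the source should be investigated before re-enabling it again.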
The following table shows the field descriptions for the show ip mroute interface command.
| Field | Description |
|---|---|
| PORT | Indicates the slot and port number. |
| MROUTE STR LIMIT | Indicates the maximum number of multicast streams that can enter the CPU through this port. |
| MROUTE STR LIMIT TIMER | Indicates the sampling period (in seconds) to check the number of multicast streams that enter the CPU through this port. |
| ENABLE | Indicates the status of the mroute stream limit on the port. |